
Netskope Help

CTEP/IPS Threat Content Update Release Notes 100.0.0.283

The following is a summary of the signatures deployed on 17 January 2023 with this IPS content release:

  • Total signatures: 20312

  • Signatures added: 164

  • Signatures modified: 4

  • Signatures removed: 4

Signatures Added

SID | Description | Reference
--- | --- | ---
150188 | MALWARE-CNC github.Bloodhound.Download traffic detected | No Reference
150189 | MALWARE-CNC github.Winpeas.Download traffic detected | No Reference
150190 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference
150191 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference
150192 | MALWARE-CNC Shellsting.Payload traffic detected | No Reference
150282 | MALWARE-CNC Command and Control - HIDDENVALUE C2 Beacon Variant2 detected | No Reference
150284 | MALWARE-CNC Command and Control - HALFSHELL C2 Beacon detected | No Reference
150285 | MALWARE-CNC Command and Control - APT30 BACKSPACE C2 Communication Variant3 detected | No Reference
150286 | MALWARE-CNC Command and Control - LOKIBOT C2 Communication Variant3 detected | No Reference
150287 | MALWARE-CNC Command and Control - MAZE C2 Beacon Variant2 detected | No Reference
150288 | MALWARE-CNC Command and Control - CRYPTOWALL Beacon detected | No Reference
150503 | MALWARE-CNC Redisland.C2 traffic detected | No Reference
150509 | MALWARE-CNC Armageddon.Weirdbird.Exfiltration detected | No Reference
150510 | MALWARE-CNC Chepro.C2.Beacon traffic detected | No Reference
150511 | MALWARE-CNC APT29.Get.Request traffic detected | No Reference
150512 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150513 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150514 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150515 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150516 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150517 | MALWARE-CNC Matanbuchus.C2 traffic detected | No Reference
150518 | MALWARE-CNC Matanbuchus.Exfiltration.C2 traffic detected | No Reference
150519 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150520 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150521 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150522 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150523 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference
150524 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference
150525 | MALWARE-CNC curl.privesc.download traffic detected | No Reference
150526 | MALWARE-CNC Koadic.C2 traffic detected | No Reference
150527 | MALWARE-CNC Evora.C2 traffic detected | No Reference
150528 | MALWARE-CNC Armageddon.Playdate.C2.Beacon detected | No Reference
150529 | MALWARE-CNC Doublepipe.C2 traffic detected | No Reference
150530 | MALWARE-CNC Pearldown.C2.Get detected | No Reference
150531 | MALWARE-CNC Pearldown.C2.Get detected | No Reference
150532 | MALWARE-CNC UNC3840.Fruitbird.C2.Beacon detected | No Reference
150533 | MALWARE-CNC Kwampires.C2 detected | No Reference
150534 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference
150535 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference
150546 | MALWARE-CNC Sevenminus.Initial.Checkin variant detected | No Reference
150547 | MALWARE-CNC Armedcloud.C2 traffic detected | No Reference
150548 | MALWARE-CNC Psixbot.DoH.Tunneling traffic detected | No Reference
150549 | MALWARE-CNC Trevor.Generic.C2 instruction retrieval traffic detected | No Reference
150551 | MALWARE-CNC Servu.C2 traffic detected | No Reference
150552 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | No Reference
150553 | MALWARE-CNC Valefor.C2 beacon traffic detected | No Reference
150554 | MALWARE-CNC Infostealer.Discord.C2 traffic detected | No Reference
150555 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150556 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150557 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150558 | MALWARE-CNC UNC4027.C2.Beacon traffic detected | No Reference
150559 | MALWARE-CNC HAVANACRYPT.Data.Exfiltration traffic detected | No Reference
150560 | MALWARE-CNC UNC3443.Emotet.Dropper.Beacon traffic detected | No Reference
150561 | MALWARE-CNC URSNIF.C2.Communication variant traffic detected | No Reference
150562 | MALWARE-CNC URSNIF.C2.traffic detected | No Reference
150563 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference
150564 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference
150565 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxUploadCall traffic detected | No Reference
150566 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxListFolder traffic detected | No Reference
150567 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDownload traffic detected | No Reference
150568 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDeletev2 traffic detected | No Reference
150569 | MALWARE-CNC APT37.Slowdrift.Login traffic detected | No Reference
150570 | MALWARE-CNC Subtlelime.Beacon traffic detected | No Reference
160001 | FILE-PDF Adobe Acrobat out of bounds write attempt | CVE-2023-21606
160002 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21613
160003 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21614
160101 | FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2023-21604
160102 | FILE-PDF Adobe Acrobat NULL Pointer Dereference attempt | CVE-2023-21586
160103 | FILE-PDF Adobe Acrobat Out-of-bounds Read attempt | CVE-2023-21585
160104 | FILE-PDF Adobe Acrobat Heap-based Buffer Overflow attempt | CVE-2023-21605
160105 | FILE-PDF Adobe Acrobat Improper Input Validation attempt | CVE-2023-21607
60459 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60460 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60461 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60462 | MALWARE-CNC Win.Backdoor.YamaBot variant outbound connection | www.virustotal.com/gui/file/f226086b5959eb96bd30dec0ffcbf0f09186cd11721507f416f1c39901addafb
60463 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1
60464 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/1f8dcfaebbcd7e71c2872e0ba2fc6db81d651cf654a21d33c78eae6662e62392
60465 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/90fb0cd574155fd8667d20f97ac464eca67bdb6a8ee64184159362d45d79b6a4
60466 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/8ce219552e235dcaf1c694be122d6339ed4ff8df70bf358cd165e6eb487ccfc5
60468 | BROWSER-CHROME Google Chrome V8 engine IterateElements out-of-bounds read attempt | CVE-2016-1646
60469 | MALWARE-OTHER Php.Webshell.CmdShell upload attempt | attack.mitre.org/techniques/t1505/003/
60470 | MALWARE-OTHER Php.Webshell.CmdShell download attempt | attack.mitre.org/techniques/t1505/003/
60471 | MALWARE-OTHER Php.Webshell.CmdShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/
60479 | OS-WINDOWS Microsoft Windows Runtime remote code execution attempt | CVE-2022-21971
60483 | BROWSER-CHROME Google Chrome V8 JSON.stringify remote code execution attempt | CVE-2021-38003
60489 | MALWARE-OTHER PacketWhisper decloakify.py download attempt | No Reference
60491 | MALWARE-OTHER PacketWhisper cloakify.py download attempt | No Reference
60493 | MALWARE-OTHER PacketWhisper download attempt | No Reference
60494 | MALWARE-OTHER Php.Webshell.Exoshell upload attempt | attack.mitre.org/techniques/t1505/003/
60495 | MALWARE-OTHER Php.Webshell.Exoshell download attempt | attack.mitre.org/techniques/t1505/003/
60496 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60497 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60498 | MALWARE-CNC Php.Webshell.Exoshell outbound connection attempt | attack.mitre.org/techniques/t1505/003/
60503 | SERVER-WEBAPP Dojo Toolkit JavaScript prototype pollution attempt | CVE-2021-23450
60505 | OS-LINUX Sudo heap-based buffer overflow attempt | CVE-2021-3156
60506 | MALWARE-OTHER Php.Webshell.FTPSearch outbound connection attempt | attack.mitre.org/techniques/t1505/003/
60507 | MALWARE-CNC Win.Trojan.Matanbuchus payload download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3
60512 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752
60513 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752
60514 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | www.mandiant.com/resources/blog/apt41-us-state-governments
60515 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | www.mandiant.com/resources/blog/apt41-us-state-governments
60516 | MALWARE-CNC Win.Trojan.IcedID download attempt | aristanetworks.force.com/aristacommunity/s/article/breaking-the-ice-detecting-icedid-and-cobalt-strike-beacon-with-network-detection-and-response-ndr
60517 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60518 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60519 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60520 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60521 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/
60522 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/
60523 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/
60524 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60525 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60526 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/
60527 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/
60528 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/
60529 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/
60530 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60531 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/
60532 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/
60533 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/
60534 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60535 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/
60536 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/
60537 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/
60538 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/
60539 | MALWARE-CNC Doc.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/4aa2c783ae3d2d58f12d5e89282069533a80a7ba6f7fe6c548c6230a9601e650/analysis/
60558 | OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt | CVE-2022-35803
60569 | SERVER-WEBAPP QNAP Photo Station combine.php remote code execution attempt | CVE-2022-27593
60570 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60571 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60572 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60575 | OS-OTHER Apple OS X rootpipe privilege escalation attempt | CVE-2015-1130
60577 | OS-MOBILE GingerBreak escalation of privilege attempt | CVE-2011-1823
60579 | BROWSER-CHROME Google Chromium security bypass attempt | CVE-2021-30533
60582 | MALWARE-OTHER Perl.Webshell.GammaShell upload attempt | attack.mitre.org/techniques/t1505/003/
60583 | MALWARE-OTHER Perl.Webshell.GammaShell download attempt | attack.mitre.org/techniques/t1505/003/
60584 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60585 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60586 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60587 | MALWARE-CNC Perl.Webshell.GammaShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/
60588 | MALWARE-OTHER Perl.Webshell.GoShell upload attempt | attack.mitre.org/techniques/t1505/003/
60589 | MALWARE-OTHER Php.Webshell.GoShell download attempt | attack.mitre.org/techniques/t1505/003/
60590 | MALWARE-CNC Perl.Webshell.GoShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
60591 | MALWARE-CNC Perl.Webshell.GoShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/
60600 | MALWARE-TOOLS Win.Trojan.Mansabo Cobalt Strike download attempt | www.virustotal.com/gui/file/c6a948be6c714e8dcce8f0fc9c2dce8b3d1f22fee9246089dbbbe1046aed8c03
60603 | OS-MOBILE Mali GPU memory alias privilege escalation attempt | CVE-2022-20186
60614 | OS-WINDOWS Windows DACL privilege escalation attempt | CVE-2019-0841
60622 | MALWARE-TOOLS Win.Trojan.LockBit variant binary download attempt | www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/
60626 | OS-OTHER Apple Mac iOS IOKit keyboard driver privilege escalation attempt | CVE-2014-4404
60637 | MALWARE-OTHER MultiOS.Backdoor.antSword inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60638 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60639 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60640 | MALWARE-OTHER MultiOS.Backdoor.Agent implant attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60641 | MALWARE-CNC MultiOS.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60644 | OS-LINUX Linux kernel route4_change use after free attempt | CVE-2022-2588
60648 | BROWSER-CHROME Chrome IPC memory dump attempt | CVE-2021-37976
60666 | OS-MOBILE Android ACDB driver ioctl overflow attempt | CVE-2013-2597
60669 | OS-WINDOWS Virtual Box kernel address tampering attempt | CVE-2008-3431
60682 | OS-MOBILE Android sk_buff use-after-free attempt | CVE-2021-0920
60684 | BROWSER-WEBKIT Apple Safari WebCore command cross site scripting attempt | CVE-2019-8720
60697 | SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt | CVE-2022-34878
60703 | BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt | CVE-2014-2817
61061 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2023-21552
61063 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2023-21674
61065 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-21768

Signatures Removed

The following signatures were removed because of false positives (FP):

  • 40062

  • 48577

  • 25530

  • 58701